169 lines
4.4 KiB
YAML
169 lines
4.4 KiB
YAML
---
|
|
|
|
- name: "Install restic"
|
|
ansible.builtin.apt:
|
|
name:
|
|
- restic
|
|
state: latest
|
|
update_cache: true
|
|
become: true
|
|
when: ansible_os_family == 'Debian'
|
|
|
|
- name: "Ensure /opt/scripts/ exists"
|
|
ansible.builtin.file:
|
|
path: /opt/scripts
|
|
state: directory
|
|
mode: '0755'
|
|
when: "ansible_os_family == 'Debian'"
|
|
|
|
- name: "Ensure /opt/db_dumps/ exists"
|
|
ansible.builtin.file:
|
|
path: /opt/db_dumps/
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
when: "ansible_os_family == 'Debian'"
|
|
|
|
- name: "Copy restic backup scripts"
|
|
ansible.builtin.copy:
|
|
src: "restic-backup-scripts/"
|
|
dest: /opt/scripts/restic/.
|
|
owner: root
|
|
group: root
|
|
mode: u+rwx
|
|
force: true
|
|
when: "ansible_os_family == 'Debian'"
|
|
|
|
- name: "Template restic backup script restic-backup_{{ inventory_hostname }}.sh"
|
|
ansible.builtin.template:
|
|
src: ../templates/restic-backup_{{ inventory_hostname }}.sh.j2
|
|
dest: /opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh
|
|
owner: root
|
|
group: root
|
|
mode: 'u+rwx'
|
|
force: true
|
|
when: "ansible_os_family == 'Debian'"
|
|
|
|
- name: "Template restic prune script restic-prune.sh"
|
|
ansible.builtin.template:
|
|
src: ../templates/restic-prune.sh.j2
|
|
dest: /opt/scripts/restic/restic-prune.sh
|
|
owner: root
|
|
group: root
|
|
mode: 'u+rwx'
|
|
force: true
|
|
when: "ansible_os_family == 'Debian'"
|
|
|
|
- name: "Template environment variable file restic.env"
|
|
ansible.builtin.template:
|
|
src: ../templates/restic.env.j2
|
|
dest: /opt/scripts/restic/restic.env
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
force: true
|
|
when: "ansible_os_family == 'Debian'"
|
|
|
|
- name: "Template restic password file restic-password-repo"
|
|
ansible.builtin.template:
|
|
src: ../templates/restic-password-repo.j2
|
|
dest: /opt/scripts/restic/restic-password-repo
|
|
owner: root
|
|
group: root
|
|
mode: '0440'
|
|
force: true
|
|
when: "ansible_os_family == 'Debian'"
|
|
|
|
- name: "Template systemd units for restic"
|
|
ansible.builtin.template:
|
|
src: "restic.service.j2"
|
|
dest: "/etc/systemd/system/restic@.service"
|
|
owner: root
|
|
group: root
|
|
mode: 'u+rw'
|
|
force: true
|
|
register: unit
|
|
when: "ansible_os_family == 'Debian'"
|
|
|
|
- name: "Template systemd units for restic"
|
|
ansible.builtin.template:
|
|
src: "restic-prune.service.j2"
|
|
dest: "/etc/systemd/system/restic-prune.service"
|
|
owner: root
|
|
group: root
|
|
mode: 'u+rw'
|
|
force: true
|
|
register: unit
|
|
when: "ansible_os_family == 'Debian'"
|
|
|
|
- name: "Template systemd timers for restic"
|
|
ansible.builtin.template:
|
|
src: "restic.timer.j2"
|
|
dest: "/etc/systemd/system/restic@.timer"
|
|
owner: root
|
|
group: root
|
|
mode: 'u+rw'
|
|
force: true
|
|
register: unit
|
|
when: "ansible_os_family == 'Debian'"
|
|
|
|
- name: "Template systemd timers for restic"
|
|
ansible.builtin.template:
|
|
src: "restic-prune.timer.j2"
|
|
dest: "/etc/systemd/system/restic-prune.timer"
|
|
owner: root
|
|
group: root
|
|
mode: 'u+rw'
|
|
force: true
|
|
register: unit
|
|
when: "ansible_os_family == 'Debian'"
|
|
|
|
- name: "Reload systemd units"
|
|
ansible.builtin.systemd:
|
|
daemon_reload: true
|
|
when: unit.changed
|
|
|
|
- name: "Enable systemd units for restic"
|
|
ansible.builtin.systemd:
|
|
enabled: true
|
|
name: "{{ item }}"
|
|
with_items:
|
|
- "restic@{{ inventory_hostname }}.service"
|
|
- "restic@{{ inventory_hostname }}.timer"
|
|
- "restic-prune.service"
|
|
- "restic-prune.timer"
|
|
when: unit.changed
|
|
|
|
#- name: "Enable systemd units for restic-wasabi"
|
|
# ansible.builtin.systemd:
|
|
# enabled: true
|
|
# name: "{{ item }}"
|
|
# with_items:
|
|
# - "restic@{{ inventory_hostname }}.service"
|
|
# - "restic@{{ inventory_hostname }}.timer"
|
|
|
|
#- name: "Cronjob for Backups"
|
|
# ansible.builtin.cron:
|
|
# name: "Restic Backup"
|
|
# minute: "0"
|
|
# hour: "3"
|
|
# job: "/opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh"
|
|
# when: "ansible_os_family == 'Debian' and 'desktops' not in group_names"
|
|
|
|
#- name: "Cronjob for Backups"
|
|
# ansible.builtin.cron:
|
|
# name: "Restic Backup"
|
|
# minute: "0"
|
|
# hour: "3"
|
|
# job: "/opt/scripts/restic/restic-backup_desktops.sh"
|
|
# when: "ansible_os_family == 'Debian' and 'desktops' in group_names"
|
|
|
|
- name: "Template restic_db_passwords.env"
|
|
ansible.builtin.template:
|
|
src: "restic_db_passwords.env_{{ inventory_hostname }}.j2"
|
|
dest: /opt/scripts/restic/restic_db_passwords.env
|
|
owner: root
|
|
group: root
|
|
mode: '0440'
|
|
force: true
|